Security

Enterprise security, built in from day one

Database-per-tenant isolation, field-level encryption, tamper-proof audit logs, and granular access controls. Not bolted on — built into the foundation.

Activity feed showing tamper-proof audit trail with 92 events and category filtering

Every action is logged with an immutable, timestamped audit trail

Data isolation

Database-per-tenant

Every organization gets its own isolated Postgres database on Neon. Your data never shares infrastructure with another tenant.

Network isolation

Tenant databases are provisioned in isolated compute with no cross-tenant network access.

Data residency

Choose where your data lives. Multi-jurisdiction deployment available on Enterprise plans.

Encryption

Field-level encryption

Sensitive fields encrypted with AES-256-GCM. Encryption keys are rotated automatically.

Encryption at rest

All data encrypted at rest using provider-managed keys with AES-256.

Encryption in transit

All connections use TLS 1.3. No unencrypted data leaves the platform.

Audit trail

Tamper-proof logging

Every create, update, and delete is permanently recorded with timestamp, user, and before/after values. Logs cannot be modified or deleted.

No silent edits

Journal entries, transactions, and account balances cannot be silently backdated, restated, or deleted. Every change is tracked.

Exportable audit history

Full audit log exportable for external review. Auditors can verify the complete history of any record.

Access controls

Role-based permissions

Granular roles at the entity, book, and account level. Admin, Controller, Accountant, Viewer, and custom roles.

Viewing keys with expiry

Grant auditors or investors scoped, read-only access to specific periods, entities, or account ranges. Keys expire automatically.

SSO / SAML

Enterprise single sign-on with SAML 2.0 and OIDC. Available on Enterprise plans.

Infrastructure

Neon Postgres

Serverless Postgres with automatic scaling, point-in-time recovery, and branching for development environments.

Vercel Edge Network

Application deployed globally on Vercel's edge network with automatic failover and DDoS protection.

Ethereum & Base

Verification proofs anchored permanently on Ethereum and Base. Immutable, independently verifiable records.

Compliance

GDPR

Data export, erasure, consent management, and data residency controls. Full compliance with EU data protection requirements.

Patent pending

Provisional patent filed for triple-entry accounting with automated proof generation and permanent verification anchoring.

Open API

Full REST API with OpenAPI specification. Build integrations, automate workflows, and audit programmatically.

Questions about security?

We're happy to discuss our security architecture, provide documentation for your vendor review, or schedule a technical deep-dive.